Workforce privacy notice
For employees, consultants, and contractors engaged by Northbrik Systems Ltd (“we”, “us”), trading as Northbrik. This notice describes how we process your personal data in an employment or engagement context. It is based on standard UK workforce privacy templates and is adapted for our organisation.
This notice does not form part of your contract; we may update it and will inform you of material changes when practicable.
What personal data we collect
We may collect, store, and use categories including:
- Contact details; date of birth; gender; marital status; emergency contacts.
- National Insurance number; bank and payroll details; salary and benefits; employment or engagement dates; location of work.
- ID documents; CV; references; employment history; performance records; grievance or disciplinary records.
- System usage metadata as appropriate; CCTV where operated; photographs where relevant; driving licence; tax information.
We may also process special category data such as:
- Racial or ethnic origin, religion, sexual orientation, or political opinions (where relevant and lawful).
- Trade union membership.
- Health data (conditions, absences, benefits-related health processing).
- Criminal records where required by law and proportionate to the role.
How we collect it
- Recruitment (applications, agencies, references, and directly from you).
- Pension or benefits administrators.
- Your work activities and use of our systems.
If you fail to provide data we reasonably require, we may be unable to meet our obligations to you (e.g. payroll or right-to-work checks).
How we use personal data
We process personal data only where UK GDPR / Data Protection Act 2018 allow processing, for example to perform a contract, comply with law, pursue legitimate interests that are not overridden by your rights, protect vital interests, or perform tasks in the public interest where applicable.
The table below summarises common purposes. Lawful-basis labels are headings only; the precise articles applied depend on context.
| Purpose | Why | Typical lawful bases (headline) |
|---|---|---|
| Recruitment and appointment | Assess suitability for a role | Contract; Legitimate interests |
| Determining terms of engagement | Agree appropriate employment or engagement terms | Contract; Legitimate interests |
| Employment status assessment (e.g. IR35) | Assess employment status where relevant | Legal obligation |
| Right to work checks | Ensure legal eligibility to work in the UK | Legal obligation; Legitimate interests |
| Payroll and tax | Pay compensation and meet tax obligations | Contract; Legal obligation |
| Benefits provision | Administer benefits (e.g. health cover) | Contract |
| Share plan participation | Manage awards and regulatory compliance | Contract; Legitimate interests |
| Pension enrolment | Meet automatic enrolment duties | Legal obligation |
| Pension and benefits providers | Liaise for administration | Contract; Legitimate interests |
| Managing the contract | General HR and contract administration | Contract; Legitimate interests |
| Business planning and audit | Internal management and compliance | Legitimate interests |
| Performance and appraisals | Assess and improve performance | Contract; Legitimate interests |
| Salary and promotion | Reward and retention | Contract; Legitimate interests |
| Disciplinary and grievance | Investigate and resolve issues | Contract; Legitimate interests |
| Ending employment or engagement | Exit process and legal obligations | Contract; Legitimate interests |
| Training and development | Career growth and compliance training | Contract; Legitimate interests |
| Legal disputes | Defend or pursue legal claims | Legal obligation; Legitimate interests |
| Fitness for work and health monitoring | Wellbeing and reasonable adjustments | Contract; Legal obligation |
| Sickness absence | Administer leave and related benefits | Contract; Legal obligation |
| Health and safety | Meet statutory health and safety duties | Legal obligation |
| Fraud prevention | Protect assets and people | Legitimate interests |
| IT and communications monitoring | Security and acceptable-use compliance | Legitimate interests |
| Network and cybersecurity | Protect systems and data | Legitimate interests |
| HR analytics (e.g. attrition) | Workforce planning | Legitimate interests |
| Equal opportunities monitoring | Promote fairness and comply with law | Legal obligation; Public interest (where applicable) |
We only use data for compatible purposes unless a further use is required or permitted by law. We may process without separate consent where the law allows or requires us to do so.
Special category and criminal data
Where we process special category data, we rely on appropriate conditions such as:
- Explicit consent where that is the legal route chosen;
- Employment, social security, and social protection law where applicable;
- Public-interest equality duties where applicable;
- Vital interests or preventing serious harm where relevant.
Examples of use are outlined below.
| Use | Why | Typical lawful basis (headline) |
|---|---|---|
| Health and safety | Physical and mental wellbeing at work | Contract; Legal obligation |
| Assess fitness to work | Determine safe performance of duties | Legal obligation; Legitimate interests |
| Workplace adjustments | Support disabilities and health needs | Contract; Legal obligation |
| Sickness absence | Track and manage illness-related absence | Contract; Legal obligation |
| Benefits (e.g. maternity) | Statutory and policy benefits | Contract; Legal obligation |
| Ill-health and share plans | Entitlements under share schemes | Contract |
| Ill-health and pension | Pension eligibility due to ill health | Contract |
| Protect from harm | Prevent physical, mental, or emotional harm | Legal obligation; Legitimate interests |
| Equal opportunity monitoring | Non-discrimination and diversity | Legal obligation |
| Trade union membership | Premiums and employment-law compliance | Legal obligation |
Consent
We do not usually rely on consent for routine workforce processing where another lawful basis applies. Where we do seek consent, it is voluntary and you may withdraw it by contacting us; withdrawal may limit what we can continue to do if no other basis applies.
Data protection principles
We aim to ensure personal data is:
- Processed lawfully, fairly, and transparently;
- Collected for specified purposes and not used incompatibly;
- Adequate, relevant, and limited;
- Accurate and kept up to date;
- Retained only as long as necessary;
- Kept secure.
Your responsibilities
Tell us promptly if information we hold about you changes so records stay accurate.
Automated decisions
We do not currently make decisions about you based solely on automated processing that produce legal or similarly significant effects. If that changes, we will update this notice and apply required safeguards.
Sharing and transfers
We may share personal data with:
- Group companies, payroll, pension and benefits providers, IT suppliers, and professional advisers;
- Regulators, law enforcement, courts, and tax authorities when required;
- Buyers or corporate reorganisations, with appropriate safeguards.
Processors must protect data and act on our instructions. International transfers occur only with safeguards recognized under UK data protection law.
Security
Access is limited to those who need it. We maintain procedures for suspected breaches and will notify you (and regulators) where required.
Retention
We keep data only as long as needed for legal, contractual, or operational reasons, then delete or anonymise it. Some anonymised data may be used without further notice to you.
Your rights
Under UK GDPR you have rights including access, rectification, erasure, restriction, objection, data portability, and rights relating to automated decision-making where applicable. The ICO explains each right here: ICO: individual rights.
How to exercise your rights
Contact legal@northbrik.com. Our registered office is 71 to 75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.